Whonix live mode / amnesia / amnesic / non-persistent / anti-forensics

Patrick · October 3, 2022, 12:21pm

Patrick · June 21, 2023, 11:22am

Patrick · June 21, 2023, 12:39pm

Added to Combine Kicksecure ™ Live VMs with Read-only Mode for Virtual Hard Drives chapter VirtualBox in Kicksecure wiki just now:

On Debian bookworm based Kicksecure ™ 17 (and above) / Newer VirtualBox versions:

VirtualBox might no longer support VBoxInternal/Devices/lsilogicsas/0/LUN#0/AttachedDriver/Config/ReadOnly. Settings set thorugh VBoxManage setextradata are not officially supported and might be gone at some time such as now.

VirtualBox documentation chapter Special Image Write Modes mentions immutable images but this might not be as good as read-only images.

Patrick · June 21, 2023, 12:41pm

Above two issues are not easy to fix.

Help welcome!

Link to source code:

github.com

Kicksecure/desktop-config-dist/blob/master/usr/share/livecheck/livecheck.sh

#!/bin/bash

## Copyright (C) 2018 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## Copyright (C) 2018 Algernon <33966997+Algernon-01@users.noreply.github.com>
## See the file COPYING for copying conditions.

set -e

## sudo /bin/lsblk --all
##
## NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
## sda      8:0    0  100G  1 disk
##
## 1 means read-only
## 0 means read-write

## As soon as we have at least one "0" it is concluded: not live mode.

## when using snapd:
##

This file has been truncated. show original

Patrick · July 9, 2023, 2:45pm

rootovl vs overlayfs discussed here:
Boot Existing, Usual Linux Installation from Hard Disk in Live Mode / read-only mode with dracut · Issue #1565 · dracutdevs/dracut · GitHub

Patrick · August 14, 2023, 1:33pm

https://www.reddit.com/r/Whonix/comments/15q7vcs/have_the_dev_team_tested_the_antiforensic/

Patrick · January 13, 2024, 4:42am

issue with older build versions still using initramfs-tools and fix: